Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/TowEe3tcXvtIxXZhaMjj39t5iZA.roa
File: TowEe3tcXvtIxXZhaMjj39t5iZA.roa (raw, json)
Hash identifier: Z9Ur6KTX5alfEyHvztT/rayGOrHHtI0LsjNjLvwfMCE=
Subject key identifier: 4E:8C:04:7B:7B:5C:5E:FB:48:C5:76:61:68:C8:E3:DF:DB:79:89:90
Certificate issuer: /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial: 0182CA34D3398A43CF07BD6998F01D7EC5A4
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/TowEe3tcXvtIxXZhaMjj39t5iZA.roa
Signing time: Tue 23 Aug 2022 10:17:15 +0000
ROA not before: Tue 23 Aug 2022 10:17:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12615
IP address blocks: 212.70.133.0/24 maxlen: 24
212.70.135.0/24 maxlen: 24
212.70.134.0/24 maxlen: 24
109.160.118.0/24 maxlen: 24
212.70.130.0/23 maxlen: 23
212.70.132.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:ca:34:d3:39:8a:43:cf:07:bd:69:98:f0:1d:7e:c5:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
Validity
Not Before: Aug 23 10:17:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4e8c047b7b5c5efb48c5766168c8e3dfdb798990
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:37:eb:cb:17:7c:2b:bb:e8:93:30:05:55:c7:
a6:b4:28:6d:15:39:cc:94:a3:7f:6d:64:a7:43:1f:
ec:6b:b7:77:fe:a5:ce:da:1e:c4:06:99:ea:31:0f:
11:1a:44:69:69:e0:51:80:34:66:be:0c:d3:ea:63:
85:cf:9f:ca:f2:24:4a:24:2f:d3:28:72:67:18:a7:
54:9a:df:41:ff:49:e3:51:62:80:fe:c7:a4:d1:bb:
05:5a:1c:d9:c8:5a:4b:e0:d5:23:41:19:ae:71:29:
85:31:ed:f8:9e:2a:db:0f:bc:08:c5:b7:68:fe:3b:
53:25:c0:a2:bd:fb:19:5e:bf:62:25:77:b0:76:89:
22:9d:89:4f:61:d7:dc:09:c6:87:f0:03:4a:a3:b8:
5e:62:e7:a7:c4:2b:91:9a:62:62:0b:68:16:63:13:
d5:58:46:1f:cb:eb:02:46:3d:05:96:c6:b8:93:45:
a1:f8:e9:2c:be:a7:a2:67:15:7a:82:fc:5f:8a:4f:
03:44:58:42:36:8b:47:ff:06:4f:f5:ec:7b:3f:17:
a2:d3:a9:55:16:ff:69:3a:73:31:96:5f:25:a2:da:
54:d3:7b:58:a3:af:95:da:57:40:dc:b5:53:d4:85:
1f:ad:1e:a1:69:4b:fd:c7:e4:78:4b:8d:1b:a6:5e:
03:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:8C:04:7B:7B:5C:5E:FB:48:C5:76:61:68:C8:E3:DF:DB:79:89:90
X509v3 Authority Key Identifier:
keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/TowEe3tcXvtIxXZhaMjj39t5iZA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.160.118.0/24
212.70.130.0-212.70.135.255
Signature Algorithm: sha256WithRSAEncryption
59:42:9e:40:9c:3e:c3:0b:83:10:b8:e8:60:90:51:d9:dd:e0:
9a:f4:90:91:ca:3c:52:fa:7f:49:39:fa:1a:9f:af:83:ff:df:
13:e2:d8:46:d9:19:b8:db:50:a2:2e:94:4d:21:b0:90:78:42:
b6:05:f3:40:97:ae:90:d0:75:83:43:c5:c2:46:5a:3d:31:8f:
0b:c8:81:45:cf:f1:99:9d:89:26:ed:cc:ff:ae:89:f5:0f:b1:
c3:63:98:b7:d5:88:75:08:41:eb:ce:82:ef:cf:e1:16:d9:e6:
0a:0e:d9:cd:2a:b9:9a:16:40:44:52:61:e7:c1:ab:8a:14:f7:
1c:25:f8:97:bc:d0:38:aa:f4:2e:55:9a:e0:34:05:7f:0f:db:
e6:10:c4:9f:69:a1:b6:ec:d6:dd:8e:d8:f4:c9:65:90:42:b7:
79:43:22:99:74:be:cf:6d:3e:b3:b1:c9:cb:ea:7e:d7:9a:92:
d5:63:d6:1f:a7:7f:5d:7e:12:dd:df:6b:8c:cd:c7:a9:f0:bd:
fa:b4:42:e6:96:c0:bd:fd:64:1b:10:cd:c6:90:61:1d:63:e1:
91:14:bb:ec:c5:85:5c:7e:b5:c9:94:b6:c3:eb:9f:2c:00:a3:
d7:45:09:06:79:c6:73:43:56:cb:f7:b2:69:30:4a:b3:2b:7c:
f9:d7:c3:54
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYLKNNM5ikPPB71pmPAdfsWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjIwODIzMTAxNzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThjMDQ3YjdiNWM1ZWZiNDhjNTc2NjE2OGM4ZTNkZmRiNzk4OTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTfryxd8K7vokzAFVcemtChtFTnM
lKN/bWSnQx/sa7d3/qXO2h7EBpnqMQ8RGkRpaeBRgDRmvgzT6mOFz5/K8iRKJC/T
KHJnGKdUmt9B/0njUWKA/sek0bsFWhzZyFpL4NUjQRmucSmFMe34nirbD7wIxbdo
/jtTJcCivfsZXr9iJXewdokinYlPYdfcCcaH8ANKo7heYuenxCuRmmJiC2gWYxPV
WEYfy+sCRj0Flsa4k0Wh+OksvqeiZxV6gvxfik8DRFhCNotH/wZP9ex7Pxei06lV
Fv9pOnMxll8lotpU03tYo6+V2ldA3LVT1IUfrR6haUv9x+R4S40bpl4DDwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFE6MBHt7XF77SMV2YWjI49/beYmQMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvVG93RWUzdGNYdnRJeFhaaGFNamozOXQ1aVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAbaB2MAwD
BAHURoIDBAPURoAwDQYJKoZIhvcNAQELBQADggEBAFlCnkCcPsMLgxC46GCQUdnd
4Jr0kJHKPFL6f0k5+hqfr4P/3xPi2EbZGbjbUKIulE0hsJB4QrYF80CXrpDQdYND
xcJGWj0xjwvIgUXP8ZmdiSbtzP+uifUPscNjmLfViHUIQevOgu/P4RbZ5goO2c0q
uZoWQERSYefBq4oU9xwl+Je80Diq9C5VmuA0BX8P2+YQxJ9pobbs1t2O2PTJZZBC
t3lDIpl0vs9tPrOxycvqfteaktVj1h+nf11+Et3fa4zNx6nwvfq0QuaWwL39ZBsQ
zcaQYR1j4ZEUu+zFhVx+tcmUtsPrnywAo9dFCQZ5xnNDVsv3smkwSrMrfPnXw1Q=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:14:13 2025 by rpki-client